Delete audit data

You may need to delete audit data to comply with a customer's request to delete their history or to free up log capacity space. You can't directly delete records in the Auditing (Audit) table. Instead, Dataverse provides the following messages to delete audit history data:

Message Description
DeleteRecordChangeHistory Deletes all the audit change history records for a particular record.
BulkDelete Asynchronously deletes records identified by a query. Use this message to delete large numbers of audit records without blocking other activities.
DeleteAuditData For customers using customer-managed encryption keys, deletes all audit data records up to a specified end date.

Note

This article provides instructions for deleting personal data from the device or service and can help you meet your obligations under GDPR. For general information about GDPR, see the GDPR section of the Microsoft Trust Center and the GDPR section of the Service Trust portal.

Delete the change history for a record

Use the DeleteRecordChangeHistoryRequest message to delete all the audit change history records for a particular record rather than all the audit records for a date range.

To delete the audit change history for a record, make sure you have the System Administrator security role or a security role with the prvDeleteRecordChangeHistory privilege.

DeleteRecordChangeHistoryRequest message

Use the Target parameter to specify the record. The DeletedEntriesCount property of the response tells you how many audit records were deleted.

The following example uses the DeleteRecordChangeHistory Action to delete the audited data changes for an account record.

Request:

POST [Organization URI]/api/data/v9.2/DeleteRecordChangeHistory HTTP/1.1
Accept: application/json  
OData-MaxVersion: 4.0  
OData-Version: 4.0
If-None-Match: null

{
 "Target": {
  "@odata.type": "Microsoft.Dynamics.CRM.account",
  "accountid": "611e7713-68d7-4622-b552-85060af450bc"
 }
}

Response:

HTTP/1.1 200 OK
OData-Version: 4.0

{
 "@odata.context": "[Organization URI]/api/data/v9.2/$metadata#Microsoft.Dynamics.CRM.DeleteRecordChangeHistoryResponse",
 "DeletedEntriesCount": 4
}

Learn more about:

Use BulkDelete to delete audit data

Use the BulkDelete message to delete audit records your organization no longer needs to retain to comply with internal and external auditing requirements. The bulk delete operation runs in the background and allows you to define recurrence patterns, start time, and other parameters.

BulkDelete message

The following example deletes audit records with an action value of 64 (User Access via Web).

Request:

POST [Organization URI]/api/data/v9.1/BulkDelete
Accept: application/json  
OData-MaxVersion: 4.0  
OData-Version: 4.0  

{
 "QuerySet": [
  {
   "EntityName": "audit",
   "Criteria": {
    "FilterOperator": "And",
    "Conditions": [
     {
      "AttributeName": "action",
      "Operator": "Equal",
      "Values": [
       {
        "Type": "System.String",
        "Value": "64"
       }
      ]
     }
    ],
    "Filters": []
   }
  }
 ],
 "JobName": "Bulk Delete of audit records with action = 64",
 "SendEmailNotification": false,
 "ToRecipients": [],
 "CCRecipients": [],
 "RecurrencePattern": "",
 "StartDateTime": "2022-02-02T10:00:00.000Z"
}

Response:

HTTP/1.1 200 OK
Content-Type: application/json; odata.metadata=minimal
OData-Version: 4.0

{
 "@odata.context": "[Organization URI]/api/data/v9.0/$metadata#Microsoft.Dynamics.CRM.BulkDeleteResponse",
 "JobId": "[Job Id]"
}

Learn more about:

Delete the change history for a date range

If you use customer-managed encryption keys, you can use the DeleteAuditData message to delete audit records for a date range. Audit data records are deleted sequentially from oldest to newest.

Note

Even if you're using customer-managed encryption keys, you should consider using Bulk Delete rather than the DeleteAuditData message.

The DeleteAuditData message deletes all audit data in partitions where the end date is before the date specified in the EndDate property. Any empty partitions are also deleted. The current (active) partition and the audit records in it can't be deleted using this request or any other.

Dataverse automatically creates partitions every quarter. You can't change or stop this behavior. You can use the RetrieveAuditPartitionList message to obtain the list of partitions. If the end date of any partition is later than the current date, you can't delete that partition or any audit records in it.

See also

Auditing overview
Configure auditing
Retrieve the history of audited data changes
Administrator's Guide: Recover database space by deleting audit logs